Identity Attack Watch: October 2021

By Semperis Research Team | October 29, 2021 | Active Directory

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights identity-related cyberattacks including an attack on U.S. broadcast company Sinclair, Microsoft’s warnings about delegating privileges to service providers, and more.


Sinclair TV station attack exploited Active Directory

A ransomware attack that hit Sinclair Broadcast Group, which owns or operates 186 U.S. TV stations, targeted the company’s corporate Active Directory domain.


Microsoft highlights danger of risky access privileges for service providers

Microsoft warned organizations to guard against attacks—like SolarWinds—that exploit risky access permissions for service providers. Among other guidance, the company urged a review of authentications associated with Azure AD configuration changes.


Law enforcement efforts dampen REvil activities

International government entities, including U.S. law enforcement agencies, have taken down sites and web infrastructure of REvil, a ransomware group whose tactics include exploiting administrative privileges.


BlackMatter attacks Olympus again

Weeks after reporting a ransomware attack on its EMEA network, global manufacturer Olympus reported a second incident that took out systems in the U.S., Canada, and Latin America. The attacks are attributed to BlackMatter, a group that uses tactics including deploying ransomware through a scheduled task with a PowerShell script on a domain controller.

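The BlackMatter tradecraft described above (a scheduled task on a domain controller whose action launches PowerShell) leaves a concrete trace in the Windows Security log: event 4698, "A scheduled task was created", whose TaskContent field carries the task's XML definition. The following is an added example, not code from Semperis or from any incident report, that parses that XML from a few constructed 4698 records and flags tasks created on hosts in a (hypothetical) domain-controller inventory whose Exec action runs PowerShell. The host names, task names and command lines are all constructed sample data.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Hypothetical domain-controller inventory for this example (constructed).
DOMAIN_CONTROLLERS = {"DC01.corp.example", "DC02.corp.example"}

# Namespace of the Task Scheduler XML found in the TaskContent field of event 4698.
TASK_XMLNS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
TASK_NS = {"t": TASK_XMLNS}

# Substrings that mark a task action as a PowerShell launch (constructed list).
POWERSHELL_MARKERS = ("powershell", "pwsh")


def task_actions(task_xml):
    """Return the (command, arguments) pair of every <Exec> action in a task definition."""
    root = ET.fromstring(task_xml)
    actions = []
    for exec_node in root.iterfind(".//t:Actions/t:Exec", TASK_NS):
        cmd = exec_node.findtext("t:Command", default="", namespaces=TASK_NS).strip()
        args = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS).strip()
        actions.append((cmd, args))
    return actions


def is_powershell_action(command, arguments):
    """True when the action's command line launches PowerShell."""
    text = f"{command} {arguments}".lower()
    return any(marker in text for marker in POWERSHELL_MARKERS)


def find_powershell_tasks_on_dcs(events, domain_controllers=DOMAIN_CONTROLLERS):
    """Flag 4698 events raised on a domain controller whose new task runs PowerShell."""
    alerts = []
    for event in events:
        if event.get("EventID") != 4698:
            continue  # only "scheduled task created" records matter here
        if event.get("Computer") not in domain_controllers:
            continue  # scoping choice: this rule watches DCs only
        for command, arguments in task_actions(event["TaskContent"]):
            if is_powershell_action(command, arguments):
                alerts.append({
                    "Computer": event["Computer"],
                    "SubjectUserName": event.get("SubjectUserName", ""),
                    "TaskName": event["TaskName"],
                    "Command": command,
                    "Arguments": arguments,
                })
    return alerts


def _task_xml(command, arguments):
    """Build a minimal Task Scheduler definition (constructed sample data)."""
    return (
        f'<Task version="1.2" xmlns="{TASK_XMLNS}"><Actions Context="Author"><Exec>'
        f"<Command>{escape(command)}</Command><Arguments>{escape(arguments)}</Arguments>"
        "</Exec></Actions></Task>"
    )


# Constructed sample records in the shape a SIEM export of event 4698 would give.
SAMPLE_EVENTS = [
    {"EventID": 4698, "Computer": "DC01.corp.example", "SubjectUserName": "svc_backup",
     "TaskName": r"\Placeholder\Deploy",
     "TaskContent": _task_xml(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                              r"-NoProfile -ExecutionPolicy Bypass -File C:\Windows\Temp\deploy.ps1")},
    {"EventID": 4698, "Computer": "DC02.corp.example", "SubjectUserName": "SYSTEM",
     "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "TaskContent": _task_xml(r"%windir%\system32\defrag.exe", "-c -h -o -$")},
    {"EventID": 4698, "Computer": "WS0042.corp.example", "SubjectUserName": "alice",
     "TaskName": r"\Placeholder\Maintenance",
     "TaskContent": _task_xml("powershell.exe", r"-File C:\Scripts\cleanup.ps1")},
    {"EventID": 4688, "Computer": "DC01.corp.example", "SubjectUserName": "svc_backup",
     "TaskName": "", "TaskContent": ""},
]

if __name__ == "__main__":
    for alert in find_powershell_tasks_on_dcs(SAMPLE_EVENTS):
        print(alert)
```

Only the first record is flagged: the defrag task on DC02 is a benign action, the PowerShell task on WS0042 is outside the DC scope, and the 4688 record is a different event. In production the DC set would come from the domain's Domain Controllers OU rather than a hard-coded list, and the rule would be one signal among others (for example 4688 with PowerShell as the child of the Task Scheduler service), not a verdict on its own.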

Researchers uncover Microsoft Exchange vulnerability in Autodiscover feature

Guardicore researchers discovered that a flawed implementation of the Autodiscover feature in Microsoft Exchange leaked at least 100,000 login names and passwords for Windows domains. Attackers could exploit this flaw by setting up top-level Autodiscover authentication domains to collect user credentials.

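The credential leak above comes from the Autodiscover client's "back-off" behaviour: when the expected `autodiscover.<email domain>` host does not answer, the client walks up the domain hierarchy and ends at a host whose registration is outside the organization's control. The following is an added example, not Guardicore's or Microsoft's code, that models that walk in simplified form (the exact back-off sequence is an assumption here) and separates the candidate hosts the organization owns from those it does not, which is the list a defender would block at the egress proxy or DNS filter while waiting for the Exchange fix. The email addresses and organization domains are constructed.

```python
def autodiscover_candidates(email_address):
    """Hostnames an Autodiscover client may try for this user, in back-off order.

    Simplified model (assumption): start at autodiscover.<full email domain>
    and drop the leftmost label on each failure, down to autodiscover.<tld>.
    """
    domain = email_address.rsplit("@", 1)[1].lower().strip(".")
    labels = domain.split(".")
    return ["autodiscover." + ".".join(labels[i:]) for i in range(len(labels))]


def in_org_control(hostname, org_domains):
    """True when hostname is one of the organization's domains or a subdomain of one."""
    host = hostname.lower().strip(".")
    return any(host == d or host.endswith("." + d) for d in org_domains)


def autodiscover_egress_review(email_address, org_domains):
    """Split the candidate hosts into (controlled, external).

    'external' hosts are the ones a third party could register; those are
    the names to deny outbound at the proxy or DNS layer, since a client
    falling back to them would present domain credentials to a stranger.
    """
    org_domains = {d.lower().strip(".") for d in org_domains}
    controlled, external = [], []
    for host in autodiscover_candidates(email_address):
        (controlled if in_org_control(host, org_domains) else external).append(host)
    return controlled, external


if __name__ == "__main__":
    # Constructed sample: a user in a deep subdomain of a company that owns example.com.
    owned, leaked_to = autodiscover_egress_review("alice@mail.corp.example.com", {"example.com"})
    print("under org control :", owned)
    print("deny at egress    :", leaked_to)
```

For the constructed `alice@mail.corp.example.com`, every candidate under `example.com` is the organization's own to answer (or to leave unresolved), while `autodiscover.com` is not; that single external host is what the client would reach after the in-house names fail. The output is a review aid: the durable fix is on the Exchange side and in the client, but a blocklist of the external candidates stops the credential from leaving the network in the meantime.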


About the author
Semperis Research Team
The Semperis Research Team continuously studies the ways cyber criminals are plotting to compromise organizations' information systems—particularly by exploiting vulnerabilities in Active Directory—now and in the future. Their work provides guidance for the security community in protecting against AD-related attacks and informs the development of products that help organizations increase their cyber resilience.